package com.yingxin.yx.framework.security.provider;

import com.yingxin.yx.framework.commons.constant.CommonConst;
import com.yingxin.yx.framework.encrpty.rsa.RsaUtil;
import com.yingxin.yx.framework.security.pwd.Sha1PasswordEncoder;
import com.yingxin.yx.framework.security.user.PrincipalDto;
import com.yingxin.yx.framework.security.userdetails.OpenApiAccountUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component;

/**
 * 验证用户
 */

@Component
public class OpenApiAccountAuthenticationProvider implements AuthenticationProvider {

    @Autowired(required = false)
    private OpenApiAccountUserDetailsService openApiAccountUserDetailsService;

    @SuppressWarnings("rawtypes")
    @Autowired
    @Qualifier(value = "stringRedisTemplate")
    private StringRedisTemplate stringRedisTemplate;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // 获取表单输入中返回的用户名
        String username = (String) authentication.getPrincipal();
        // 获取表单中输入的密码
        String password = (String) authentication.getCredentials();
        String plainPassword = RsaUtil.decryptByPrivateKey(password.trim());
        // 查询用户是否存在
        PrincipalDto principal = (PrincipalDto) openApiAccountUserDetailsService.loadUserByUsername(username);
        if (principal == null) {
            throw new UsernameNotFoundException("用户名或密码错误");
        }
        if (CommonConst.TRUE.equals(principal.getFindByIdFlag())) {
            throw new UsernameNotFoundException("用户名或密码错误");
        }
        if (plainPassword == null || !new Sha1PasswordEncoder().matches(plainPassword, principal.getPassword())) {
            WebAuthenticationDetails webAuthenticationDetails =
                    ( WebAuthenticationDetails ) authentication.getDetails();

            openApiAccountUserDetailsService.saveLoginErrorLog( username, plainPassword,
                    webAuthenticationDetails.getRemoteAddress(),
                    "OPENAPI" );

            throw new BadCredentialsException("用户名或密码错误");
        }

        return new UsernamePasswordAuthenticationToken(principal, plainPassword, principal.getAuthorities());
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return true;
    }


}